mask.of.sanity writes: Twitter, Linkedin, Yahoo! and Hotmail accounts are open to hijacking thanks to a flaw that allows cookies to be stolen and reused.Attackers need to intercept cookies while the user is logged into the service because the cookies expire on log-out ( except LinkedIn which keeps cookies for three months). The server will still consider them valid.For the Twitter attack, you need to grab the auth_token string and insert it into your local Twitter cookies. Reload Twitter, and you'll be logged in as your target (video here). Not even password changes will kick you out.